Cybersecurity: Recent Legislation

I know, talking legislation is sexy stuff. But a short look back at some recent developments will be foundational to some important coming discussions.

The past several months have been packed with Cybersecurity legislation. Law making is inherently an iterative process and at the risk of sounding cynical, despite all the activity it’s fair to say we haven’t covered much new ground in 2015. But don’t interpret the following synopsis as cynicism. The legislation is absolutely indicative of substantive forward progress, but I feel there’s an opportunity at hand for larger leaps forward. A short recap of recent legislation and recurring themes to frame a later discussion:

[i] Information sharing is one means of attempting to scale efforts to combat an “open source adversary.” Open source adversaries, like cyber criminals and advanced persistent threats, can cheaply and easily replicate attack methods and vectors using scale to incredible advantage. J. Michael Daniel, cyber-security coordinator at the White House, gave this explanation of the counter tactic benefits: “We have seen industries that have increased their information sharing—such as in the financial services industry—and that does make a meaningful difference in being able to cut out a lot of the low-level attacks and intrusions. When you do that, then you can focus your humans on the more sophisticated intruders. I see this as a sort of baseline for us just to stay in the game.” For a brief treatment on open source cyberwar see John Robb’s blog or the excellent example in his book Brave New War.